In ‘a simple test’, hackers ‘breach’ into NT’s server.

Kathmandu, Mar 10, 2016: A group of hackers calling itself Anonymous#opnep has claimed to have breached into the server of Nepal Telecom (NT), gaining access to all the information of its users.

The group on their Facebook page, however, said it has no plans to take down the NT server, as it “will cost millions of rupees to the Nepali government” but “it has taken control of everything in the server”.

NT Spokesperson Prativa Vaidya, however, dismissed the claim and said the NT server was “very much secure”. But she admitted that the “ID” of the one of NT’s outsourcing partners might have been “misused” to extract the details of its users.
NT outsources its various tasks to different vendors and partners.

NT held a 46 percent market share with 11.87 million subscribers across the country as of January 2015.

NT has 9.9 million GSM mobile phone users and 1.18 million CDMA mobile
phone users.

With regard to fixed telephone line service, it has 661,210 PSTN service users and 123,373 wireless local loop service users.

In the internet/data market too, NT has a significant hold, with its market share standing at 57.76 percent.

NT has 5.93 million data service users.

“We have a large number of outsourcing partners and our guess is that one of the IDs might have been misused,” said Vaidya. “We need to investigate further before we can give more details.”

Information Technology (IT) experts, however, say any unauthorised access to information is hacking and that access to such sensitive information could be dangerous.

“[This clearly shows that] security system of the NT has been breached,” said Rajan Raj Pant, chairman of IT Security Emergency Response Team Nepal, a forum for all ICT security professionals. “In order to make the server secure, vulnerability assessment audit should be carried out frequently, but it seems the NT doesn’t follow the protocol.”

According to Pant, if the database was leaked from one of the outsourcing partners or vendors, the NT should track them down. “They should be more careful while entering into service agreement with outsourcing partners or vendors,” added Pant.

Nepal Police said it had not received any formal complaint from the NT, but added that it has started investigation on its own.

“No formal complaint has been lodged. But after learning about the incident, our forensic digital cell has already swung into action,” said DIG Nawaraj Silwal.

The hackers through Facebook messenger contacted The Kathmandu Post and said that NT server “has been patched”. When asked about the motive, the group said it was “just a simple test”.